General
-
Target
eef95a339bd54865da508cef50692d793de2145363b0d242d6d99ffec56f9be9
-
Size
801KB
-
Sample
230410-y9142sga95
-
MD5
dc972b85c0534b30a77b0c54b3cc2736
-
SHA1
881e23da3fade70bd1c70963c3f70c7413e95214
-
SHA256
eef95a339bd54865da508cef50692d793de2145363b0d242d6d99ffec56f9be9
-
SHA512
fc8666d9eeeca9f610f067acc3d05197fe48b7a35b1e5584c9f8b72758940509a6f6583edbd5ccd611636675dadf46446406a91b236f4995adf2e2c3009104c1
-
SSDEEP
12288:yMryy90DeJk5Wyn8oIe2hDiJ5dn5HFwcvfTkxK7CnaX/rQWlUeCyrhjaKsp:sybJC5Ie2hDivdXQxfavrQWWeCyr4Kq
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
zima
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
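Both extracted configs point at the same C2 listener and differ only in botnet tag and auth_value, so a practitioner turning this page into network IOCs wants one rule per endpoint, not one per config. The script below is an added example, not the sandbox's code and not RedLine's: EXTRACTED copies the values shown above; the Suricata rule text and the sid range are illustrative assumptions.

```python
"""Derive network IOCs from the RedLine configs extracted in this report.

Added example; it is neither the sandbox's code nor RedLine's. EXTRACTED
copies the values shown above (botnet tag, C2 host:port, auth_value). The
Suricata rule wording and the sid_base range are illustrative assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

EXTRACTED = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "zima", "c2": "176.113.115.145:4125",
     "auth_value": "2ef701d510c0d27e8a8e3270281678b1"},
]

# auth_value is a per-build token; a sample sharing one with a known build is
# the same build. Triage renders it as 32 lowercase hex characters.
HEX32 = re.compile(r"^[0-9a-f]{32}$")


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int
    botnets: tuple  # botnet tags of the builds that share this listener


def parse_c2(value):
    """Split 'host:port' and validate both halves.

    A bad port or empty host is a defect in the extracted config, not an
    IOC; raising keeps a malformed entry from turning into a wildcard rule.
    """
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed c2 {value!r}")
    try:
        host = str(ipaddress.ip_address(host))  # canonical form for IP C2s
    except ValueError:
        pass  # hostname C2: keep as written and resolve it at hunt time
    return host, int(port)


def endpoints(configs):
    """Group configs by C2 so one listener shared by several builds is one IOC."""
    by_c2 = {}
    for cfg in configs:
        if not HEX32.match(cfg["auth_value"]):
            raise ValueError(f"unexpected auth_value in botnet {cfg['botnet']!r}")
        by_c2.setdefault(parse_c2(cfg["c2"]), set()).add(cfg["botnet"])
    return [C2Endpoint(h, p, tuple(sorted(tags)))
            for (h, p), tags in sorted(by_c2.items())]


def suricata_rules(eps, sid_base=9000001):
    """One alert rule per C2 endpoint; sid_base is an assumed local-rule range."""
    rules = []
    for i, ep in enumerate(eps):
        msg = "RedLine Stealer C2 (" + ", ".join(ep.botnets) + ")"
        rules.append(
            f'alert tcp $HOME_NET any -> {ep.host} {ep.port} '
            f'(msg:"{msg}"; flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(endpoints(EXTRACTED)):
        print(rule)
```

Grouping by endpoint rather than by config is the point: a single 176.113.115.145:4125 rule covers both builds, and the botnet tags in the message preserve which builds were seen so later hits can be tied back to this sample.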
Targets
-
Target
eef95a339bd54865da508cef50692d793de2145363b0d242d6d99ffec56f9be9
-
Size
801KB
-
MD5
dc972b85c0534b30a77b0c54b3cc2736
-
SHA1
881e23da3fade70bd1c70963c3f70c7413e95214
-
SHA256
eef95a339bd54865da508cef50692d793de2145363b0d242d6d99ffec56f9be9
-
SHA512
fc8666d9eeeca9f610f067acc3d05197fe48b7a35b1e5584c9f8b72758940509a6f6583edbd5ccd611636675dadf46446406a91b236f4995adf2e2c3009104c1
-
SSDEEP
12288:yMryy90DeJk5Wyn8oIe2hDiJ5dn5HFwcvfTkxK7CnaX/rQWlUeCyrhjaKsp:sybJC5Ie2hDivdXQxfavrQWWeCyr4Kq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry; likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
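The four behaviours flagged above (the registry location check, the Uninstall-key enumeration, the Run-key persistence and the wallet file access) each map to a specific registry or file path, and a sandbox signature is essentially a pattern over the API trace. The script below is an added example, not the sandbox's own signature code and not RedLine code: the trace lines are constructed, the registry paths are the standard Windows locations those signature names refer to, and the wallet directory names are an illustrative subset.

```python
"""Map sandbox API-trace lines to the behaviour signatures listed in this report.

Added example; neither the sandbox's signature code nor RedLine code. The
event lines are constructed to resemble a registry/file trace; the registry
paths are the standard Windows locations each signature refers to, and the
wallet directory names are an illustrative subset.
"""
import re
from collections import defaultdict

# Constructed trace: "<api> <path>", one event per line.
SAMPLE_EVENTS = [
    r"RegQueryValue HKEY_CURRENT_USER\Control Panel\International\Geo\Nation",
    r"RegEnumKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegEnumKey HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegSetValue HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"CreateFile C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"CreateFile C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet",
    r"CreateFile C:\Windows\System32\kernel32.dll",
]

# (signature name, APIs that count, path pattern). Geo\Nation holds the
# numeric GeoID chosen in the Region settings; a stealer reads it to skip
# hosts in countries it does not want to infect, hence "likely geofence".
RULES = [
    ("Checks computer location settings",
     {"RegQueryValue", "RegOpenKey"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     {"RegEnumKey", "RegOpenKey", "RegQueryValue"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Adds Run key to start application",
     {"RegSetValue"},
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"CreateFile", "ReadFile"},
     re.compile(r"\\(Exodus|Electrum|Ethereum|Armory|Atomic)\\", re.I)),
]


def classify(events):
    """Return {signature name: [matching paths]} for a list of trace lines."""
    hits = defaultdict(list)
    for line in events:
        api, _, path = line.partition(" ")  # split at the first space only
        for name, apis, pattern in RULES:
            if api in apis and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


def suspicious(hits):
    """A locale lookup on its own is benign (installers and updaters do it);
    only count the geofence check when another flagged behaviour co-occurs."""
    others = set(hits) - {"Checks computer location settings"}
    return bool(others)


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for name, paths in found.items():
        print(f"{name}: {len(paths)} event(s)")
    print("suspicious:", suspicious(found))
```

The signature names are a lookup-by-behaviour, not a verdict: reading Geo\Nation is also done by legitimate software, which is why the report hedges with "likely geofence" and why the example refuses to score that behaviour alone. The Uninstall enumeration matches under both the native and the WOW6432Node hive, which a 32-bit sample on 64-bit Windows touches.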